developing a federal vision for identity management
DESCRIPTION
Presentation to the President’s National Security Telecommunications Advisory Committee (NSTAC), Task Force on Identity ManagementTRANSCRIPT
Biometrics.gov
Developing a Federal Vision for Identity Management
Duane BlackburnOffice of Science and Technology PolicyExecutive Office of the President
January 16, 2009
Biometrics.gov
Building an IdM System
Enrollment
Application
DNA
Biometric
Name
Date of Birth
SSN
Birth Certificate Driver’s License Passport
Address Phone Number
IP Address
Password
Height Weight
Eye Color
Sex
Mother’s Maiden Name
High School Mascot
FavoritesShoe Size
PIV Card
Biometrics.gov
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
DNA
Biometric
Name
Date of Birth
SSN
Birth Certificate Driver’s License Passport
Address Phone Number
IP Address
Password
Height Weight
Eye Color
Sex
Mother’s Maiden Name
High School Mascot
FavoritesShoe Size
PIV Card
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Enrollment
Application
Biometrics.gov
Building an IdM System
Enrollment
Application
DNA
Biometric
Name
Date of Birth
SSN
Birth Certificate Driver’s License Passport
Address Phone Number
IP Address
Password
Height Weight
Eye Color
Sex
Mother’s Maiden Name
High School Mascot
FavoritesShoe Size
PIV Card
Biometrics.gov
Identity Concentricity
Root
Core
Biometrics.gov
Federal IdM Coordination Timeline
EOP Meetings
(2007)
NSTC Task Force
(2008)
STPI
ReportRelease
(Sep 2008)
Briefings(2008)
CoordinatedAction?
Inauguration
Report Approval
Biometrics.gov
Task Force Composition
►Six month effort (January 1 – July 2, 2008)►Co-chairs
►Duane Blackburn (OSTP)►Judy Spencer (GSA)►Jim Dray (NIST)
►Working groups►Drafting team►Data Collection and Analysis►Digital Identity►Grid►Privacy and Legal
►Participating agencies included DHS, DOD, DOS, DOJ, HHS, SSA, FTC, DOC, GSA, EOP, NSF, ODNI, NASA, FAA, VA, OMB
Biometrics.gov
Task Force Charge
►Provide an assessment of the current state of IdM in the US Government;
►Develop a vision for how IdM should operate in the future;
►Develop first-step recommendations on how to advance towards this vision.
Biometrics.gov
CIO Council Data Call
►First-order understanding of the IdM landscape►Final Report Appendix G►18 responses covering 191 agencies/bureaus,
3400 individual systems►The most common forms of information being
collected for IdM are login alias, PIN/password, legal name, date of birth and social security number
►Few systems (~15%) or programs collect or use biometric-related data (e.g., fingerprints, iris or facial imaging) or use security questions or tokens
Biometrics.gov
Key Findings of the NSTC IdM TF Report► IdM is comprised of three elements: ID applications; Global
telecommunications grid; Digital ID repositories of all kinds
► Within these, the latter two comprise the “IT Utility”
► Two gross processes of Screening and Access Controls coexist within the USG.
► Public messaging and social acceptance have sometimes been seen as sidebar issues in the USG’s approach to IdM, with resultant negative consequences.
► PII may be segregated between application-specific data held inside applications, and that used to establish authentication of basic digital ID’s.
► USG missions include extensive engagement with other jurisdictions of government, international partners, and the public. This underlines not only the criticality of treatment of PII, but also the need for federal processes to be attuned to commercial and emergent international IdM approaches, standards and systems.
Biometrics.gov
Current Landscape
Biometrics.gov
Future State Vision
Biometrics.gov
Objective IdM Architectural Model
‘Network of Networks’
Digital ID Data Federation
ID-specific “Privileges”
(Applications of ID in specific context), with data unique to
eachApplication/user Interface
IdentityManagement
“Utility”
Enterprise IT System
Biometrics.gov
IdM Refocus
Focus:
Challenges:
Controlling Equity:
Cultural Character:
“Appearance”:
CHARACTERISTIC: TODAY Future
Data sets Applications
Standards; Scalability;Social acceptance Business models
Federal IT community Balanced equities- End users- Application sponsors/managers- Digital ID managers- Global grid/IT managers
Service-provider push User-demand pull
German watchmaker’s Utility (elex pwr analogy)shop
Biometrics.gov
Key recommendations► 12 prioritized R&D recommendations
► Rationale: Tech base supporting IdM decomposed, with investments (hopefully) leading to process improvements proposed in each major area
► Complete the basic as-built research, in full detail► Applications, processes, etc
► Conduct gap analysis, and from that, detailed strategy
► Architectural framework…► Singular, comprehensive, interoperable
► Standards-based
► Privacy-centric
► Security-conscious
► Advance the Global Grid agenda► Next-generation network(s)
► Engage internationally
►Governance
Biometrics.gov
TF Report Available online
►www.ostp.gov/nstc►www.biometrics.gov►www.idmanagement.gov
Biometrics.gov
You are not alone…
► President’s Identity Theft Task Force► NSTC, IdM Task Force ► CIO Council, Information Security and IdM Committee► Information Sharing Environment, IdAM Framework► National Security Telecommunications Advisory
Committee, IdM Task Force► HSPD 6, 11, 12► NSPD-59► Cybersecurity Initiative► Organisation for Economic Co-operation and Development
(OECD)► International Telecommunication Union -
Telecommunication Standardization Sector (ITU-T)► International Organization for Standardization (ISO)► Naval Post Graduate School, IdM degree program► Many others…
Biometrics.gov
Duane’s Key Take-Home Points
►Identity and appropriateness of IdM varies amongst individuals
►Numerous IdM activities in the USG►Which represent a fraction of IdM activities in the
US/World►Activities in one impact others
►If we continue to build our systems as if it was to be the only system in existence, we are building our system to fail
►If we continue to build our system-of-systems as if our sector was the only one with identity issues, we are building our system-of-systems to fail
►How are we going to move forward?